PT-2022-3206 · Eer21001+2 · Eer21001+2
Published
2022-05-10
·
Updated
2022-06-13
·
CVE-2022-30234
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Wiser Smart versions 4.5 and prior
EER21000 versions 4.5 and prior
EER21001 versions 4.5 and prior
Description
A Use of Hard-coded Credentials issue exists, potentially allowing arbitrary code execution when root level access is obtained. This could enable a remote attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not specified.
Recommendations
For Wiser Smart versions 4.5 and prior, update to a version later than 4.5 to resolve the issue.
For EER21000 versions 4.5 and prior, update to a version later than 4.5 to resolve the issue.
For EER21001 versions 4.5 and prior, update to a version later than 4.5 to resolve the issue.
As a temporary workaround, consider restricting root level access to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Eer21000
Eer21001
Wiser Smart